1 files changed, 8 insertions, 0 deletions

diff --git a/app/policies/project_policy.rb b/app/policies/project_policy.rb
index ad6155258ab..564215f6e50 100644
--- a/app/policies/project_policy.rb
+++ b/app/policies/project_policy.rb
@@ -44,6 +44,9 @@ class ProjectPolicy < BasePolicy
   desc "Project is public"
   condition(:public_project, scope: :subject, score: 0) { project.public? }
 
+  desc "project is private"
+  condition(:private_project, scope: :subject, score: 0) { project.private? }
+
   desc "Project is visible to internal users"
   condition(:internal_access) do
     project.internal? && !user.external?
@@ -55,6 +58,9 @@ class ProjectPolicy < BasePolicy
   desc "User is a requester of the group"
   condition(:group_requester, scope: :subject) { project_group_requester? }
 
+  desc "User is external"
+  condition(:external_user) { user.external? }
+
   desc "Project is archived"
   condition(:archived, scope: :subject, score: 0) { project.archived? }
 
@@ -913,6 +919,8 @@ class ProjectPolicy < BasePolicy
     prevent :read_project
   end
 
+  rule { ~private_project & guest & external_user }.enable :read_container_image
+
   private
 
   def user_is_user?